Broadcast or multicast is the transmission of data from a single sender to multiple recipients, with broadcast transmission being a “one-to-all” transmission and multicast transmission being a “one-to-many” transmission. In this application, “multicast” and “broadcast” will be used interchangeably.
FIG. 1 shows a typical multicast system 110 using conventional cryptography which is oriented toward point to point encryption. In a multicast system which uses point to point encryption, if party A wants to send data to parties B, C and D, party A must somehow communicate a secret key individually to each of the parties B, C and D such that no one else knows the key.
In the Public Key Infrastructure (PKI) cryptography, party A uses a common symmetric key K for all three transmissions, but sends this common symmetric key K three different times encrypted individually for each of the parties B, C and D. To do this encryption, party A makes use of first, second, and third keys, each different, for parties B, C and D, respectively. Each such key is called a “public key.” The public key is part of the public/private key pair that has been previously established using conventional methods. For example, party A uses the public key for party B to encrypt a random common symmetric key K and then sends the encrypted common symmetric key 100 so encrypted to party B. Party A then uses the public keys for parties C and D to encrypt the random common symmetric key K to form encrypted common symmetric keys 102 and 104, respectively, and sends the encrypted common symmetric keys 102 and 104 to parties C and D, respectively. Party A then encrypts a message using the random common symmetric key K and broadcasts the encrypted message to all listeners. Parties B, C and D can now use their respective private keys to decrypt the encrypted common symmetric key K and then use the decrypted common symmetric key K to decrypt the broadcast message.
Alternatively, party A broadcasts the encrypted broadcast message 202 and the encrypted common symmetric keys 204 for each intended recipient, i.e., encrypted common symmetric keys 100, 102, and 104, to all listeners B, C and D, as shown in FIG. 2. A listener, for example, party B, then either tries to decrypt all the encrypted common symmetric keys using his private key, looking for the encrypted common symmetric key specifically encrypted for him, or, he looks for his name followed by an encrypted common symmetric key if party A does not care about public knowledge of “who gets what message.” Party B can then use the decrypted common symmetric key K to decrypt the broadcast message. An unintended recipient cannot find an encrypted common symmetric key that is encrypted for him, and thus is unable to decrypt the broadcast message.
The point to point encryption approach to multicast described above is sufficient if the recipients are few. However, the point to point encryption approach becomes difficult to manage as the number of the recipients increases. For example, if there are 10,000 recipients instead of three, party A would need to encrypt the single random symmetric key K 10,000 times using 10,000 public keys. As a result, key management, which involves the selection, distribution and maintenance of the encryption keys, and security becomes difficult and impractical.
Therefore, what is needed is an efficient multicast key management system.